add always-force-new-domain-key. fix https://github.com/Neilpang/acme.sh/issues/914

2025-10-31 02:17:18 +00:00 · 2017-07-02 15:25:35 +08:00 · 2017-07-02 15:25:35 +08:00 · c4b2e5829e
commit c4b2e5829e
parent 1be222f6ed
1 changed files with 18 additions and 3 deletions
--- a/acme.sh
+++ b/acme.sh
@ -1281,7 +1281,7 @@ createDomainKey() {

  _initpath "$domain" "$_cdl"

-  if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then
+  if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ] ; then
    if _createkey "$_cdl" "$CERT_KEY_PATH"; then
      _savedomainconf Le_Keylength "$_cdl"
      _info "The domain key is here: $(__green $CERT_KEY_PATH)"
@ -3148,7 +3148,7 @@ _regAccount() {
        return 1
      fi
      if [ "$code" = '202' ]; then
-        _info "Update success."
+        _info "Update account tos info success."

        CA_KEY_HASH="$(__calcAccountKeyHash)"
        _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH"
@ -3355,7 +3355,7 @@ issue() {
  else
    _key=$(_readdomainconf Le_Keylength)
    _debug "Read key length:$_key"
-    if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ]; then
+    if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
      if ! createDomainKey "$_main_domain" "$_key_length"; then
        _err "Create domain key error."
        _clearup
@ -3885,6 +3885,12 @@ issue() {
    _cleardomainconf Le_Listen_V4
  fi

+  if [ "$Le_ForceNewDomainKey" = "1" ]; then
+    _savedomainconf "Le_ForceNewDomainKey" "$Le_ForceNewDomainKey"
+  else
+    _cleardomainconf Le_ForceNewDomainKey
+  fi
+
  Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60)

  Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime")
@ -5026,6 +5032,7 @@ Parameters:
  --renew-hook                      Command to be run once for each successfully renewed certificate.
  --deploy-hook                     The hook file to deploy cert
  --ocsp-must-staple, --ocsp        Generate ocsp must Staple extension.
+  --always-force-new-domain-key     Generate new domain key when renewal. Otherwise, the domain key is not changed by default.
  --auto-upgrade   [0|1]            Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
  --listen-v4                       Force standalone/tls server to listen at ipv4.
  --listen-v6                       Force standalone/tls server to listen at ipv6.
@ -5506,6 +5513,14 @@ _process() {
      --ocsp-must-staple | --ocsp)
        Le_OCSP_Staple="1"
        ;;
+      --always-force-new-domain-key)
+        if [ -z "$2" ] || _startswith "$2" "-"; then
+          Le_ForceNewDomainKey=1
+        else
+          Le_ForceNewDomainKey="$2"
+          shift
+        fi
+        ;;
      --log | --logfile)
        _log="1"
        _logfile="$2"